I was impressed when I first started making transactions how they register instantly on the blockchain. When I have transacted in person with people, I have always just clicked once and not waited for the transaction to be confirmed, so transactions are effectively instant for me, since an unconfirmed transaction that is on the blockchain is good enough for me.
The transaction isn't "in the blockchain" if it is unconfirmed.
An unconfirmed transaction pretty much means a transaction that everyone (probably) knows about. Once all miners know about your transaction, it is (probably) safe.
Having said that, it really depends on how much is at stake. The larger the amount, the more effort an attacker would be willing to spend to get the transaction reversed.
Also, at the moment, virtually all miners don't allow transaction replacement. If you spend a coin, that transaction gets into all the miners' memory pools. If later, a transaction arrives that re-spends that coin, then they reject it.
However, miners could look at the transaction and see that it pays a higher fee, so use the new one. That way, if they find the next block, they get a higher fee.
The fact that miners don't do this means that they are doing good for the network at a cost to themselves.
It is probable that, as fees increase relative to block reward, miners will eventually start including the higher fee paying transaction rather than the one they received first.
There is a thread about a paper where they did some testing. They connected to (say) 50 nodes. They broadcast the transaction on 25 of them and waited until at least 13 of the remaining 25 connections sent back the transaction.
I think it was a vending machine system.
Once they received the transaction back on 13 of the 25 connections, without hearing about a double spend, they were confident that their transaction had flooded the network.
This system inherently assumes honest miners. If a significant portion of the mining power is at pools that will do tx replacement based on fees, then the double spender can replace the transaction by re-spending it with slightly higher fees.
It then gets more complex after that. More advanced miners might have inclusion calculations based on chains of transactions.
For example,
TX1) Client spends a 0.01 BTC coin (A) and gives it to merchant as a new coin (B) with 0.001 fee
Merchant provides goods
TX2) Client re-spends coin A back to himself as a new coin (C) with a 0.002 fee
Miners replace the first tx with the second, since they get more fees
TX3) Merchant responds by spending coin B and paying 0.01 (100%) in fees
TX3 is worth 0.01 BTC, so it is a very valuable transaction to include, but it can only be included if TX1 is included. If TX1 is not included, then coin B never exists as a valid coin.
The miner can either include TX1 and TX3 or the miner can include TX2. The first option pays out more.
If the miner does include TX1 and TX3, then the miner gets the entire value of the transaction. The advantage is that at least the double spender gets nothing.
If the double spender is a mining pool, then he has a chance of getting the higher fee though.
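The TX1/TX2/TX3 comparison above, worked through as an added example that is not part of the original post: it contrasts a miner that replaces conflicting transactions one at a time by fee with one that evaluates chains of dependent transactions. The mempool layout, function names and satoshi amounts are assumptions made for the illustration, and every transaction is assumed to spend a single coin.

```python
from itertools import combinations

# Constructed sample mempool for the scenario in the post.
# Fees are in satoshis (1 BTC = 100_000_000); coin names are labels only.
MEMPOOL = {
    "TX1": {"spends": {"A"}, "creates": {"B"}, "fee": 100_000},    # client pays merchant
    "TX2": {"spends": {"A"}, "creates": {"C"}, "fee": 200_000},    # client re-spends A
    "TX3": {"spends": {"B"}, "creates": set(), "fee": 1_000_000},  # merchant spends B, all as fee
}
CONFIRMED_COINS = {"A"}

def total_fee(txids, mempool):
    return sum(mempool[t]["fee"] for t in txids)

def is_valid_set(txids, mempool, confirmed):
    """No coin is spent twice, and every spent coin is either already
    confirmed or created by a transaction in the same set."""
    spent, available = [], set(confirmed)
    for t in txids:
        spent.extend(mempool[t]["spends"])
        available |= mempool[t]["creates"]
    return len(spent) == len(set(spent)) and set(spent) <= available

def naive_fee_replacement(mempool, confirmed):
    """Per confirmed coin, keep the single highest-fee spender.
    Descendant transactions are ignored when comparing conflicts."""
    winner = {}
    for txid, tx in mempool.items():
        if tx["spends"] <= confirmed:
            for coin in tx["spends"]:
                if coin not in winner or tx["fee"] > mempool[winner[coin]]["fee"]:
                    winner[coin] = txid
    chosen = set(winner.values())
    return chosen, total_fee(chosen, mempool)

def best_package(mempool, confirmed):
    """Chain-aware selection: exhaustive search for the valid set of
    transactions with the highest combined fee (fine for a tiny mempool)."""
    best, best_fee = set(), 0
    ids = sorted(mempool)
    for r in range(1, len(ids) + 1):
        for combo in combinations(ids, r):
            if is_valid_set(combo, mempool, confirmed):
                fee = total_fee(combo, mempool)
                if fee > best_fee:
                    best, best_fee = set(combo), fee
    return best, best_fee

if __name__ == "__main__":
    print("naive:", naive_fee_replacement(MEMPOOL, CONFIRMED_COINS))
    print("chain-aware:", best_package(MEMPOOL, CONFIRMED_COINS))
```

Without TX3 in the mempool, both policies select TX2, which is why the merchant's counter only helps against miners that evaluate chains.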